CVE-2021-21608 log

Source	CVE Red Hat MITRE NVD Debian Ubuntu SUSE Alpine Mageia CVE Details CIRCL Bugs Arch Linux Red Hat Gentoo SUSE GitHub Lists oss-security full-disclosure bugtraq Misc GitHub code web search
Severity	High
Remote	Yes
Type	Cross-site scripting
Description	Jenkins 2.274 and earlier, LTS 2.263.1 and earlier does not escape button labels in the Jenkins UI. This results in a cross-site scripting vulnerability exploitable by attackers with the ability to control button labels. An example of buttons with a user-controlled label are the buttons of the Pipeline input step. Jenkins 2.275, LTS 2.263.2 escapes button labels in the Jenkins UI.

Group	Package	Affected	Fixed	Severity	Status	Ticket
AVG-1446	jenkins	2.274-1	2.275-1	High	Fixed

Date	Advisory	Group	Package	Severity	Type
20 Jan 2021	ASA-202101-41	AVG-1446	jenkins	High	multiple issues

References
https://www.jenkins.io/security/advisory/2021-01-13/#SECURITY-2035 https://github.com/jenkinsci/jenkins/commit/8c451b08886561a914ef0c30cbb9d40ea33a9bbe